Upgrade simplesamlphp library to 1.14.17 [#2932365]

Due to multiple security advisories for the library in 2017.

Diff:
https://github.com/simplesamlphp/simplesamlphp/compare/v1.14.11...v1.14.17

Releases:
https://github.com/simplesamlphp/simplesamlphp/releases

Security advisories:
https://simplesamlphp.org/security/201703-01
https://simplesamlphp.org/security/201703-02
https://simplesamlphp.org/security/201704-01
https://simplesamlphp.org/security/201704-02
https://simplesamlphp.org/security/201705-01
https://simplesamlphp.org/security/201708-01
https://simplesamlphp.org/security/201709-01
https://simplesamlphp.org/security/201710-01

This is independent of all the issues related to upgrading the library to version 1.15.

Comment	File	Size	Author
#2	upgrade-simplesamlphp-library-2932365-2.patch	280 bytes	timwood
#2

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

21 December 2017 at 15:28

timwood created an issue. See original summary.

File	Size
upgrade-simplesamlphp-library-2932365-2.patch	280 bytes

Comment #3

dakku CreditAttribution: dakku commented 8 January 2018 at 10:53

Hi thank you for the patch.
We have a number of open threads regarding updating the lib version. Please see ongoing discussions here:
https://www.drupal.org/project/simplesamlphp_auth/issues/2929202

Comment #4

timwood

English

Rockville, Maryland

CreditAttribution: timwood commented 8 January 2018 at 12:41

Hi dakku,
Glad I was able to provide the patch.

As I mentioned in the original issue, this issue and the patch provided is separate from the issue(s) related to upgrading the library to version 1.15. This patch only upgrades the library to the most recent 1.14 version (1.14.17), which includes all current security patches.

I'm going to continue to use this patch and, due to security issues with the library, it's probably a good idea to prioritize this and include it in a release asap.

Comment #5

dakku CreditAttribution: dakku commented 11 January 2018 at 09:28

Hi Tim,
Thanks - I think it makes sense for us to do a new dev release and maybe open it for some feedback.

Comment #6

timwood

English

Rockville, Maryland

CreditAttribution: timwood commented 11 January 2018 at 14:24

Thank you.

Comment #7

12 January 2018 at 09:36

dakku committed b8f4b24 on 8.x-3.x authored by timwood

Issue #2932365 by timwood: Upgrade simplesamlphp library to 1.14.17

Comment #8

dakku CreditAttribution: dakku commented 12 January 2018 at 09:38

Hi Tim,
This is pushed over in the Dev branch. If you can take it for a spin and confirm, I will create a new release tag.

Comment #9

dakku CreditAttribution: dakku commented 12 January 2018 at 09:38

Status:

Active

» Fixed

Comment #10

26 January 2018 at 09:39

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Upgrade simplesamlphp library to 1.14.17

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

Comment #10

Related issues

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community